Malicious Websites: What Are They and How to Avoid Them

A malicious website is any site that’s been created to cause harm by stealing your private information, gaining access to your finances, or downloading unwanted software to take over

your computer.

Whether cybercriminals want to empty your bank account, steal your identity, or are really bored and just want to remap your keyboard so you type the wrong phrase over and over again, we all have to be hypervigilant to avoid malicious websites. 

The problem is, they look like legitimate websites. So how do you avoid them?

Identifying a Malicious Website

To steer clear of malicious websites, you need to know how to identify them.

According to, some basic tactics of fake websites are when:

  • The website automatically asks you to run software or download a file when you’re not expecting to do so.
  • The website tells you your device is infected with malware or your browser extensions or software are out-of-date.
  • The website claims you have won a prize and requests your personal information to claim it.

Other clues you’re on a fake website

  • The URL looks suspicious. is safe. https://google.[something].com is not. This is a subdomain of [something].com — which could be a malicious website.
  • The site does not use https. Most sites use https, rather than http, which indicates they are protected by an SSL certificate. However, some sites have not yet made the upgrade to https, and not all https URLs are safe.

Look for the lock icon symbol on your web browser. This means the website is secured with a digital certificate. 

According to, a banking institution, “This means that any information sent between your browser and the website is sent securely, and can’t be intercepted and read by someone else while the information is in transit.”

However, the lock icon no longer means guaranteed protection. “It used to be that scammers and thieves did not bother to buy digital certificates for their fake websites … Unfortunately, the scammers have caught on … and know that people are more likely to trust a “secure” site that features the padlock icon. Because of this, they are increasingly securing their fake sites with digital certificates.”

Almost 50% of phishing sites now have the lock icon. Always make sure it’s there, but keep in mind that its presence isn’t a guarantee.

Protecting Your Data from Malicious Websites

Most people don’t look into the problems of cybercrime until after they’ve been victimized. The best way to stop data breaches is to prevent them from happening in the first place by following these guidelines set by the Federal Trade Commission:

  • Install and update security software, and use a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS X) to update automatically.
  • Don’t change your browser’s security settings. You can minimize “drive-by” or bundled downloads if you keep your browser’s default security settings.
  • Pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.
  • Instead of clicking on a link in an email, type the URL of a trusted site directly into your browser. Criminals send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a scam site.
  • Don’t open attachments in emails unless you know who sent it and what it is. Opening the wrong attachment — even if it seems to be from friends or family — can install malware on your computer.
  • Get well-known software from the source. Sites that offer lots of different browsers, PDF readers, and other popular free software are more likely to include malware.
  • Read each screen when installing new software. If you don’t recognize a program, or are prompted to install additional “bundled” software, decline the additional program or exit the installation process.

Remove Malware

Stop your online activity immediately if you think your computer has been infected. Stay away from your financial information. Update your security software and call your computer’s tech support team for help.

Good luck!